ebpf
Docker container for compiling static eBPF applications with libbpf-bootstrap
Workshop: Forensic Analysis of eBPF based Linux Rootkits
Flow feature extraction tool built in Rust using eBPF
Automated upstream mirror for libbpf stand-alone build.
A Linux Host-based Intrusion Detection System based on eBPF.
Get live information about applications that make network requests (based on eBPF)
socketrace is an eBPF-based tool to trace kernel socket events. License: Apache 2.0 and GPL-2.0.
bpflock - eBPF driven security for locking and auditing Linux machines
ebpfkit-monitor is a tool that detects and protects against eBPF powered rootkits
LMP provides an eBPF Supermarket for developers, including eBPF tools, open-source projects based on eBPF, eBPF learning materials, Linux kernel learning materials, and more.
eBPF distributed networking observability tool for Kubernetes
Linux eBPF backdoor over TCP. Spawn reverse shells, RCE, on prior privileged access. Less Honkin, More Tonkin.
A Linux eBPF rootkit with a backdoor, C2, library injection, execution hijacking, persistence and stealth capabilities.
eBPF Observability - Distributed Tracing and Profiling
ebpf-go is a pure-Go library to read, modify and load eBPF programs and attach them to various hooks in the Linux kernel.
vArmor-ebpf is a specialized project dedicated to maintaining the BPF code utilized by vArmor.
eBPF Developer Tutorial: Learning eBPF Step by Step with Examples
vArmor is a cloud native container sandbox system based on AppArmor/BPF/Seccomp. It also includes multiple built-in protection rules that are ready to use out of the box.
An eBPF🐝 Keylogger with C2-based RCE payload delivery
